First Exploit to Execute Arbitrary Code in Office 2007

Office 2007 withstood arbitrary code execution exploits for roughly two years. But that streak is over now that hackers have unleashed working attack code.

Microsoft published a security advisory on February 24 that offers minor details about the problem, which affects Office 2000, 2003, and 2007 as well as the standalone Excel Viewer.

As is often the case, a person would need to choose to open an corrupted Excel document at which point the exploit code will launch and run in the context of the currently logged in user. The Excel file itself is stored in the older binary file format as opposed to the newer XML file format.